A large and growing population of users is enjoying entertainment through the consumption of digital media items, such as music, movies, images, electronic books, and so on. The users employ various electronic devices to consume such media items. Among these electronic devices are electronic book (“eBook”) readers, cellular telephones, personal digital assistants (PDAs), portable media players, tablet computers, netbooks, and the like.
These electronic devices often use some sort of password-based protection mechanism in order to prevent unauthorized users from accessing content stored on or accessed through the electronic devices. In order to access content, a user is requested to enter an alphanumeric password. If the password matches a previously configured password, the user is allowed to access the content. Access is denied if the entered password does not match the previously configured password.
Simple password protection such as this is sufficient for many situations. However, password protection is notoriously weak, and subject to being broken by determined hackers. Furthermore, many users choose particularly weak passwords, such as their social security number, their birthday, the name of a family member, or some other phrase that can be eventually guessed by someone familiar with the user.
In order to increase the protection of sensitive data, two-factor authentication can be used. Two-factor authentication requires a user to supply two authentication factors rather than the previously mentioned single factor of a password. In two-factor authentication, one of the factors may be a password, but the other factor might consist of the user's possession of a particular hardware token or key.
As an example, an authorized user might be issued a specially configured USB device that stores information uniquely identifying the user. In order to use a computer or other device, the user may be asked to supply a password, and in addition to connect the USB device to the computer so that the computer can verify the information on the USB device that uniquely identifies the user. Thus, the user is asked to provide some type of knowledge or user secret, and also to prove physical possession of some type of unique token that has been specially prepared for the particular user.
The second factor can alternatively consist of some physical characteristic of the user, such as a fingerprint, a voice sample, or a retinal pattern. In this situation, the computer is equipped with hardware to sample the physical characteristic, such as a fingerprint reader, and verifies the user's fingerprint before determining the user to be authenticated.
Two-factor authentication is more secure, but is more difficult to configure than single-factor password authentication. In most cases, special hardware tokens are created and issued to each user. This can be expensive and inconvenient, and also requires that the user carry an additional, dedicated hardware device. In many cases, the user will simply connect or attach the hardware device to the electronic device and leave it there, which generally negates the effectiveness of the protection scheme.